# Maintainer: George Rawlinson <grawlinson@archlinux.org>

pkgname=opensnitch
pkgver=1.6.4
pkgrel=1
pkgdesc='A GNU/Linux application firewall'
arch=('loong64' 'x86_64')
url='https://github.com/evilsocket/opensnitch'
license=('GPL3')
depends=(
  'glibc'
  'hicolor-icon-theme'
  'libnetfilter_queue'
  'libnfnetlink'
  'python'
  'python-grpcio'
  'python-protobuf'
  'python-slugify'
  'python-pyqt5'
  'python-pyinotify'
  'python-notify2'
)
makedepends=(
  'git'
  'go'
  'python-grpcio-tools'
  'python-build'
  'python-installer'
  'python-wheel'
  'python-setuptools'
  'python-nspektr'
  'python-jaraco.text'
  'qt5-tools'
)
optdepends=(
  'logrotate: logfile rotation'
  'python-qt-material: extra ui themes'
  'python-pyasn: display network name of IP'
)
backup=(
  'etc/opensnitchd/default-config.json'
  'etc/opensnitchd/system-fw.json'
)
options=('!lto')
_commit='c3dc1fcc4a6722ad4ab8137b4cc3222879bd4037'
source=(
  "$pkgname::git+$url#commit=$_commit"
  'fix-systemd-service.patch'
  'remove-debian-path.patch'
  'fix-setup.py.patch'
  'add-generated-protobuf-files.patch'
  'use-system-python-packages.patch'
  'add-translations.patch'
  'add-go.sum-file.patch'
  'template-version-strings.patch'
  'tmpfiles.conf'
)
b2sums=('SKIP'
        'a632dc8cc86a96e569a990ae1f869c3d03766828d7bfd672f2376bc0a5e8eacea8c09e3e889307ccc6138485dbde8a3e154103646cbaa80ffa4d9010abcc426d'
        '680aa7bf1470fac5c009cc5c8ea0f88dec7a8d5224be1239fcc1bbd041d724cc9e0d9389b95c4879cf16e80dc3ff7d09e472ee3c5c1585b8d6490d455df2500f'
        'd9ced1c2fd01d2d8f13c9173c7f0d70359d58cd9f9849c45b188117fd47722c8a0dbb65f6068c3e8d23cb19e6de496f845783b2ae35cb889f49b0558927e0a62'
        '88f7d6a4cacffd0694a7346ceef5e7e81234bc7ef7c4870cd6f73c810a8f6e807134f798d8934458bdf011354adc79397a3b53654fd606a97bbef83d0dfadf5f'
        '5b1ed289ccfb6598941667065a4e533631f374a43793765044ee9f655ac2331595670e383821cf6b7a4114f117905de4895ba2bb430408011cc384821d53355c'
        'c2d2642c5de8b50aee3923dce09faedbe4db63ec2369894efceb8bc4237759190c8ea4cade375262623153c13d814b4196915687cd33886b22e0b33cc501b09d'
        'f92122e9df08b720b63dbf023e81c1b0f660ff88149174efab8603ebabd5913dc4056a19b3e43202e1e4e68431ce52bee9eee2b0b32b8a22d327358deaf87a27'
        '093ecf4398ffcd9f4077b41174e93707ba90cef717fa7e35a44557a52969d356216b08f6a4ce38fc93a7ba4e8cb14c7c2a4368ba0b023527d1ee93879728b30d'
        '81dbb6ba72d5bf5a0d9fa3dea33b87f03604c1a2537a4ca47b45923ab186e68d5c24b043691a857948ae404409dc3cc66a7ef004ee20dc2451aa5190fe6479bb')

pkgver() {
  cd "$pkgname"

  git describe --tags | sed 's/^v//'
}

prepare() {
  cd "$pkgname"

  # TODO file an upstream bug
  # * fix an issue with setup.py installing to python's site-packages instead
  # of /usr
  # * prefer scaled SVG instead of pixellated 48x48 PNG
  patch -p1 -i "$srcdir/fix-setup.py.patch"

  # add generated protobuf files
  # required for reproducible builds & to side-step
  # requirement of protoc-gen-go{,-grpc} binaries
  patch -p1 -i "$srcdir/add-generated-protobuf-files.patch"

  # use system python packages
  patch -p1 -i "$srcdir/use-system-python-packages.patch"

  # get go.sum file from 'go mod tidy'
  patch -p1 -i "$srcdir/add-go.sum-file.patch"

  # add generated translation files
  # required for reproducible builds
  git apply "$srcdir/add-translations.patch"

  # TODO file an upstream bug
  # fix a couple of issues with the systemd service
  patch -p1 -i "$srcdir/fix-systemd-service.patch"

  # TODO file an upstream bug
  # remove Debian-specific path from sys.path
  patch -p1 -i "$srcdir/remove-debian-path.patch"

  # version strings are currently out of date
  # template-ify version strings for easier sed invocation (1/2)
  #patch -p1 -i "$srcdir/template-version-strings.patch"

  # download dependencies
  cd daemon
  export GOPATH="${srcdir}"
  go mod download
}

build() {
  cd "$pkgname"

  # template-ify version strings for easier sed invocation (2/2)
  #sed -e "s/@VERSION@/$pkgver/" -i daemon/core/version.go
  #sed -e "s/@VERSION@/$pkgver/" -i ui/opensnitch/version.py

  # set Go flags
  export CGO_CPPFLAGS="${CPPFLAGS}"
  export CGO_CFLAGS="${CFLAGS}"
  export CGO_CXXFLAGS="${CXXFLAGS}"
  export GOPATH="${srcdir}"

  # build daemon with debug info
  pushd daemon
  go build -v \
    -buildmode=pie \
    -mod=readonly \
    -modcacherw \
    -ldflags "-compressdwarf=false \
    -linkmode external \
    -extldflags ${LDFLAGS}" \
    -o opensnitchd \
    .
  popd

  # build python package
  pushd ui
  python -m build --wheel --no-isolation
  popd
}

package() {
  cd "$pkgname"

  # daemon
  install -vDm755 -t "$pkgdir/usr/bin" daemon/opensnitchd

  # systemd integration
  install -vDm644 utils/packaging/daemon/deb/debian/opensnitch.service "$pkgdir/usr/lib/systemd/system/opensnitchd.service"
  install -vDm644 "$srcdir/tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"

  # configuration
  install -vDm644 -t "$pkgdir/etc/opensnitchd" daemon/{default-config,system-fw}.json

  # logrotate
  install -vDm644 utils/packaging/daemon/deb/debian/opensnitch.logrotate "$pkgdir/etc/logrotate.d/$pkgname"

  # python ui
  python -m installer --destdir="$pkgdir" ui/dist/*.whl

  # TODO file an upstream bug
  # tests are in site-packages, big no-no
  local site_packages=$(python -c "import site; print(site.getsitepackages()[0])")
  rm -rf "$pkgdir/$site_packages/tests"
}
